Is SuperManager PCI Compliant

Started by David Johns, August 29, 2013, 03:18:37 PM

Previous topic - Next topic

David Johns

This is a difficult question.  PCI compliance is a very complicated subject.  While we don't have the proper credentials to  that SuperManager is 100% PCI compliant, we can offer the following information that can be used to  that:

  • There are two ways that you can make sure that credit card information is not stored on your computer by SuperManager.  First, you can go to "View", "Program Settings" and switch to the "Database" tab and uncheck "Credit Card Information" under "Optional SMG Database Fields to Save".  This makes sure that credit card information is not ever saved to your hard disk.  However, credit card numbers will be kept in the computers RAM memory for as long as you have SuperManager open.  In other words, if you add a credit card number to an order, that credit card number will show up in an order until you close SuperManager.   Once you close SuperManager and re-open it, you will find that the credit card number and expiration date are no longer in the order.  Alternatively or in addition to that, you  can go to "View", "Store Settings" and select the "Security" tab and change "Expire CC Information" to "30 Days" or another value.  This will make sure that credit card information is not re-saved into your file after the specified number of days.  Once an order is more than that number of days old, the next time you save the file, the credit card number will be replaced with "EXPIRED".  These two options allow you to choose if/when credit card information is stored in your SuperManager database.
  • When you choose to save credit card numbers in your database, they are not stored in a human readable format, however, they may not meet the encryption levels required by PCI standards
  • Besides the possibility that your credit card information being stored in the database, credit card numbers may be stored in files temporarily downloaded into the temp folder of your computer that are erased each time you import new orders.  This only applies to some store types.  Yahoo and Amazon stores do not export the entire credit card number, so it does not apply to them.

If you have any specific questions related to PCI compliance, please send us an email and we'll amend this FAQ.
SuperManager Support